jerer Hi
Can you please explain how you solved this issue?

This is my endpoints. Is there a change ?

sachithmuhandiram

Hi, this is just a dirty "hack" to bypass the "User details" API call. This is not a proper fix to this problem, but just something I did temporarily to get things going again. If you do this, make sure you are not logged in to any other mailbox. This bypasses the email address matching so you could accidentally start polling emails from the wrong mailbox. I recommend starting your browser in a new incognito mode just in case.

1. Create a ".json" file in your osticket folder (or somewhere else) with the content:{"EmailAddress": "set your mailbox email address here"}

2. Configure that in the "Resource details Endpoint", e.g. https://<your-osticket-host.com>/something.json
   (Technically we could use any URL here that returns JSON data, but because the access token is sent to that URL don't use any public ones for security reasons)

3. Keep the scopes as offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send

4. Keep the "Email address attribute" as "EmailAddress".

If you are using multiple mailboxes, I guess you will have to uncheck email address "Strict matching" (again, make sure to logout other mailboxes first). Or you could use multiple json files/php script to handle that.

jerer
Thank you so much! This got it up an running again!
Is there a permanent fix planned? How is everyone else not having this issue?

jerer

Yea we are not updating for Graph API until absolutely required because it will require us to completely rework fetching all over again and move it to API calls. This is planned for v2.0 but not for legacy. We have thousands of customers using this with no issues. Simple seems like a Microsoft issue as earlier in the thread it started working again with no changes from our side.

Cheers.

ben_werk
Not everyone is having this issue (yet) because:

• Microsoft has been decommissioning the Outlook v2 API progressively, not from all organizations at once
• The API is called only when you configure the OAuth, so valid refresh tokens will continue to work

But for example when the client secret expires (which is max 2 years) and it needs to be updated, people will be faced with this issue.

jerer

That’s not what happened in the referenced thread last time. If they truly decommissioned it then those people would still be broken but it started working again once Microsoft fixed the issue on their end.

Cheers.

KevinTheJedi
Please refer to this: https://techcommunity.microsoft.com/t5/exchange-team-blog/final-reminder-outlook-rest-api-v2-0-and-beta-endpoints/ba-p/4058396

jerer

I don’t believe they would kill IMAP/POP like that. Graph only supports API calls as far as I’m aware and outlook supports IMAP/POP protocols.

Cheers.

Has anyone found a working, explainable solution to this please???

jerer

Maybe it’s too early and I’m not understanding you. The problem isn’t getting a graph token the problem is using the token to authenticate to IMAP/POP protocols (the only IMAP resource I know is outlook.office365.com:933 - don’t see a graph resource for this). When you authenticate using graph token it fails. Our code only supports fetching via IMAP/POP protocols we do not support fetching from retrieving mail via api calls. From all that I’ve read online graph tokens are solely used for graph api endpoints. Graph API endpoints require calling a API endpoint to retrieve mail; completely different than IMAP/POP protocols. IMAP is a protocol to fetch mail not an API endpoint. So my point is that the graph tokens are meant for graph api and graph api is only good for API calls and that essentially kills IMAP/POP which I doubt they are doing.

Cheers.

Does this url help?

https://learn.microsoft.com/en-us/outlook/rest/compare-graph#moving-from-outlook-endpoint-to-microsoft-graph

jfields

No, that is still explaining that you must switch to API calls to retrieve mail instead of using IMAP/POP3 protocols so that's not going to help here. Our software only supports IMAP/POP3 fetching or email piping or sending emails to our API (not us calling out to retrieve mail).

Cheers.

Also having the same issue. Our Token expired yesterday, and we are unable to refresh. Verified all the endpoints, secrets, etc. are correct.

@jerer

I really recommend you try this yourself. You can uncheck Strict Matching if it's not letting you get passed that part. But once you get a token with the user endpoint set to graph you can't authenticate to IMAP/POP3. If i'm missing something please let me know.

Cheers.